Mozilla Firefox ESR < 91.6.1

The version of Firefox ESR installed on the remote Windows host is prior to 91.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-09 advisory. - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. ...

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution...

USN-5314-1: Firefox vulnerabilities

A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2022-26485 A use-after-free was discovered in the...

Updated firefox packages fix security vulnerabilities

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free CVE-2022-26485. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape CVE-2022-26486...

UBUNTU-CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...

Mozilla Firefox 资源管理错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A resource management error vulnerability exists in Mozilla Firefox versions prior to 97, which stems from a post-release usage error when processing messages in the WebGPU IPC framework. An attacker...

VulnCheck KEV: CVE-2022-26486

Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution...

KLA12470 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in XSLT parameter processing can be exploited to cause denial ...

KLA12475 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in XSLT parameter processing can be exploited to cause...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-064-01)

The version of mozilla-firefox installed on the remote host is prior to 91.6.1esr / 97.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-064-01 advisory. - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable...

Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 — Mozilla

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of...

KLA12469 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in XSLT parameter processing can be exploited to cause...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1350-1 Rating: important References: 1190765 1191166 1191204 1191463 Cross-References: CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37960 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1339-1 Rating: important References: 1190765 1191166 1191204 Cross-References: CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37960 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963...

DEBIAN-CVE-2021-37957

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2021-37957

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2021-37957

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-37957

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...